SSL VPN and IPsec VPN: How they work

by Calyptix, November 2, 2016

A virtual private network (VPN) is a popular way for businesses and individuals to enhance their security online.

But VPNs come in many types and protocols. What is the best one to fit your needs? And why do you even need a VPN?

Before we get to the differences between SSL VPN and IPsec VPN, let’s start with the basics.

What is a VPN?

A Virtual Private Network, or VPN, is exactly what it sounds like – a network with no physical location that is configured to protect a user’s privacy online.

Also known as VPN tunnels, they allow users to connect to a private network and use its systems even when not directly connected to that network.

For example, business travelers often use a VPN at the airport. By connecting to the airport’s wifi and then establishing a VPN connection to their office network, they can check their company emails as if they were sitting at a workstation.

VPN also establishes a secure connection. The data sent between the user and the network is encrypted, making it a reliable safety measure when using public wifi and other untrusted networks.

The user’s IP address is also obscured by VPN. Anyone wishing to track the user’s activity will see the IP address of the user’s VPN-connected network rather than the address of the user’s local network.

Two of the most commonly used VPN protocols are SSL VPN and IPsec VPN (more details below).

Why should you use a VPN?

The primary benefit of a VPN is enhanced security and privacy. VPN tunnels encrypt the traffic sent to and from the user, making it all but impossible for would-be attackers to use any data they intercept.

So if you want to check your bank account balance on an unsecure network, such as the free public wifi at a local coffee shop, then a VPN connection will help keep your banking password and account information secure.

Since VPN tunnels also obscure the user’s IP address, they make it harder for third parties to track a user’s online activity. Instead of seeing the individual user’s IP address, the third party will only see the IP of the network to which the user is connected via VPN.

Lastly, VPN tunnels are useful when you need to access something on a remote network. For example, if you visit a client’s site and forget to bring an important file, you can connect to the home network via mobile VPN and grab the file from a shared drive (assuming it’s saved there).

IPsec VPN

IPsec VPN is one of two common VPN protocols, or sets of standards used to establish a VPN connection.

IPsec operates at the IP layer, and it is often used to allow secure, remote access to an entire network (rather than just a single device).

This inability to restrict users to network segments is a common concern with this protocol.

IPsec VPNs come in two types: tunnel mode and transport mode.

IPsec Tunnel Mode VPN

IPsec VPNs that work in tunnel mode encrypt an entire outgoing packet, wrapping the old packet in a new, secure one with a new packet header and ESP trailer.

They also authenticate the receiving site using an authentication header in the packet.

Tunnel mode IPsec VPN is typically implemented on a secure gateway, such as on a firewall or router port, which acts as a proxy for the two communicating sites.

IPsec Transport Mode VPN

Transport mode, on the other hand, only encrypts the IP payload and ESP trailer being sent between two sites.

Usually meant for use in end-to-end communication between sites, transport mode doesn’t alter the IP header of the outgoing packet.
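The difference between the two modes is easiest to see in the packet layout. The sketch below is an added example, not code from Calyptix or from any IPsec implementation: it builds the ESP framing for one constructed IPv4 packet in each mode and reports which addresses stay readable on the path and which bytes fall inside the encrypted region. It shows layout only, so the cipher, IV and integrity check value are left out, and all addresses, the SPI and the function names are assumptions made for the illustration.

```python
import ipaddress
import struct

ESP, IPIP, TCP = 50, 4, 6   # IP protocol numbers: ESP, IPv4-in-IPv4, TCP

def ip(addr):
    return ipaddress.ip_address(addr).packed

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 for this illustration."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, src, dst)

def esp_trailer(data_len, next_header, block=16):
    """Padding, pad-length byte and next-header byte (RFC 4303 layout)."""
    pad_len = -(data_len + 2) % block
    return bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])

def esp_layout(packet, mode, gw_src=None, gw_dst=None, spi=0x1000, seq=1):
    """Return (outer_ip_header, esp_header, region_that_gets_encrypted)."""
    inner_hdr, inner_payload = packet[:20], packet[20:]
    if mode == "tunnel":
        # Whole original packet, header included, goes inside the ESP payload.
        body = packet + esp_trailer(len(packet), IPIP)
        src, dst = gw_src, gw_dst            # new header: gateway to gateway
    elif mode == "transport":
        # Only the IP payload is protected; the host addresses are reused.
        body = inner_payload + esp_trailer(len(inner_payload), inner_hdr[9])
        src, dst = inner_hdr[12:16], inner_hdr[16:20]
    else:
        raise ValueError("mode must be 'tunnel' or 'transport'")
    esp_hdr = struct.pack("!II", spi, seq)   # SPI and sequence number (assumed values)
    return ipv4_header(src, dst, ESP, len(esp_hdr) + len(body)), esp_hdr, body

def on_path_view(outer):
    """Addresses an observer between the two sites can read in cleartext."""
    return (str(ipaddress.ip_address(outer[12:16])),
            str(ipaddress.ip_address(outer[16:20])))

# Constructed sample: host 10.0.1.5 -> 10.0.2.9, dummy 20-byte TCP header + data.
PACKET = ipv4_header(ip("10.0.1.5"), ip("10.0.2.9"), TCP, 25) + b"T" * 20 + b"hello"
GW_A, GW_B = ip("198.51.100.1"), ip("203.0.113.1")   # hypothetical gateways

if __name__ == "__main__":
    for mode in ("tunnel", "transport"):
        outer, esp_hdr, body = esp_layout(PACKET, mode, GW_A, GW_B)
        print(mode, on_path_view(outer), "encrypted bytes:", len(body),
              "next header:", body[-1])
```

In tunnel mode the internal host addresses travel inside the protected region and only the gateway addresses are exposed; in transport mode the host addresses remain visible and only the protocol field of the header changes to ESP.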

SSL VPN

Secure Sockets Layer (SSL) VPN is the second common VPN protocol.

A big plus for SSL VPNs is that they can allow segmented access for users. For example, users can be limited to checking email and accessing shared drives rather than having access to the entire network.

SSL VPNs come in two types, SSL portal and SSL tunnel.

SSL Portal VPNs

SSL Portal VPNs allow a user to securely access the web from a browser once the user logs into the VPN’s online portal using a specified method of authorization.

This type of SSL VPN gets its name because of how the user accesses it – through a single web page, or portal. The page acts as a single gateway to the other services available on the secured network.

SSL Tunnel VPNs

SSL Tunnel VPNs allow the user to not only access the web securely, but to also use applications and other network services that aren’t based on the web.

Due to their sophisticated segmentation capabilities, SSL VPNs often require more skill to implement.

VPNs are not a cure-all

While having a VPN to protect web traffic is a great way to help secure information, it’s not an end-all be-all security solution.

After all, a VPN won’t protect your employees from social engineering attacks such as email phishing.

VPNs should be used in conjunction with other network security tools such as firewalls, antivirus, and antimalware to prevent attacks.

Training employees about network security and its importance is also important for creating an effective, comprehensive network security plan.


1 Comment


    HarperT, October 25, 2018

    What about OpenVPN? It's gaining popularity because it's open source. The security is also less debatable than IPSec and SSL. Maybe interesting to note that there are other VPN protocols apart from IPSec and SSL. Edward Snowden apparently once said that IPSec is compromised by the NSA.
